Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45707 |
|
Vulnerability in n8n-mcp (CVE-2026-45707)
vulnerability in n8n-mcp (CVE-2026-45707). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.51.2` or later.
|
| CVE-2026-45582 |
|
Vulnerability in n8n-mcp (CVE-2026-45582)
vulnerability in n8n-mcp (CVE-2026-45582). Confidential information can be exposed externally. Exploitable via ``PRIVACY.md``. Mitigation: upgrade to `2.51.3` or later.
|
| CVE-2026-42282 |
|
Vulnerability in n8n-mcp (CVE-2026-42282)
vulnerability in n8n-mcp (CVE-2026-42282). Risk of unauthorized operations or information disclosure. Exploitable via ``n8n_manage_credentials.data``. Mitigation: upgrade to `2.47.13` or later.
|
| CVE-2026-44694 |
|
Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
|
| CVE-2026-41495 |
|
Vulnerability in n8n-mcp (CVE-2026-41495)
vulnerability in n8n-mcp (CVE-2026-41495). Risk of unauthorized operations or information disclosure. Exploitable via `POST /mcp`. Mitigation: upgrade to `2.47.11` or later.
|
| CVE-2026-42449 |
|
SSRF (Server-Side Request Forgery) in n8n-mcp (CVE-2026-42449)
SSRF in n8n-mcp (CVE-2026-42449). Confidential information can be exposed externally. Exploitable via ``N8NDocumentationMCPServer``. Mitigation: upgrade to `2.47.14` or later.
|